dhbo 0 Denunciar post Postado Junho 30, 2010 Sou leiga no assunto, e toda vez que ligo o laptop aparece uma janela com a inscrição: "Failed to set data for 'SynNglp". Como vi que para resolver esse problema é preciso enviar o log da análise do HijackThis, segue o log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:12, on 30/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\DellTPad\Apoint.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe C:\Windows\System32\SynNglp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [synNglp] C:\Windows\system32\SynNglp.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsgrUpd] C:\Windows\system32\MsgrUpd.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9266 bytes Fico no aguardo da análise. Obrigada Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 Boa tarde dhbo 1. *Envie o arquivo para análise em http://www.virustotal.com.br C:\Windows\System32\SynNglp.exe *Cole o link do resultado. Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 Boa tarde dhbo 1. *Envie o arquivo para análise em http://www.virustotal.com.br C:\Windows\System32\SynNglp.exe *Cole o link do resultado. segue o link do resultado: http://www.virustotal.com/pt/analisis/6de1fe7e7ffed68290c8e4f1a119533c62335206230a816e21c889d0f5b6f178-1277778909 Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 *Baixe o SystemLook e salve-o no desktop *Duplo clique em SystemLook.exe *Cole o código abaixo no espaço em branco: :fileC:\Windows\System32\SynNglp.exe *Clique em [Look] *Cole o relatório apresentado em SystemLook.txt localizado no desktop Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 *Baixe o SystemLook'>http://jpshortstuff.247fixes.com/SystemLook.exe"]SystemLook e salve-o no desktop *Duplo clique em SystemLook.exe *Cole o código abaixo no espaço em branco: :fileC:\Windows\System32\SynNglp.exe *Clique em [Look] *Cole o relatório apresentado em SystemLook.txt localizado no desktop segue relatório: SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 14:04 on 30/06/2010 by Debora (Administrator - Elevation successful) ========== file ========== C:\Windows\System32\SynNglp.exe - File found and opened. MD5: F75A7366E77CAABB376527134CE50B62 Created at 17:02 on 29/06/2010 Modified at 17:02 on 29/06/2010 Size: 404992 bytes Attributes: --a--- No version information available. -=End Of File=- Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 OK.... 1. *Delete o SystemLook e seu relatório. 2. *Desative temporariamente seu antivírus *Baixe o ComboFix e salve-o no desktop *Execute o Combofix e aceite o contrato *Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação. *Clique em [sIM] para continuar. *Aguarde a conclusão de todas as etapas *Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER. *O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta. Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 OK.... 1. *Delete o SystemLook e seu relatório. 2. *Desative temporariamente seu antivírus *Baixe o ComboFix'>http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]ComboFix e salve-o no desktop *Execute o Combofix e aceite o contrato *Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação. *Clique em [sIM] para continuar. *Aguarde a conclusão de todas as etapas *Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER. *O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta. ________________________________________________________________________________________________________________________________________ segue relatório: ComboFix 10-06-29.04 - Debora 30/06/2010 14:28:20.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3573.1798 [GMT -3:00] Executando de: C:\Users\Debora\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ADS - drivers: deleted 304 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Debora\avira_antivir_personal_en.exe C:\Users\Debora\GoogleEarthSetup.exe C:\Windows\system32\oledb32.dll C:\Windows\xpsp1hfm.log . (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))) . 2010-06-30 17:34:33 . 2010-06-30 17:34:33 -------- d-----w- C:\Users\Israel\AppData\Local\temp 2010-06-30 17:34:33 . 2010-06-30 17:34:33 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-06-30 13:54:49 . 2010-06-30 13:57:11 -------- d-----w- C:\HijackThis 2010-06-30 13:47:00 . 2009-03-02 13:41:12 69120 ----a-w- C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE 2010-06-29 17:02:24 . 2010-06-29 17:02:27 404992 ----a-w- C:\Windows\system32\SynNglp.exe 2010-06-23 14:07:56 . 2009-11-08 13:55:32 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 49472 ----a-w- C:\Windows\system32\netfxperf.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 297808 ----a-w- C:\Windows\system32\mscoree.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 295264 ----a-w- C:\Windows\system32\PresentationHost.exe 2010-06-23 14:07:56 . 2009-11-08 13:55:32 1130824 ----a-w- C:\Windows\system32\dfshim.dll 2010-06-23 14:07:14 . 2010-04-16 16:43:35 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll 2010-06-23 14:07:14 . 2010-04-16 14:39:07 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-06-09 14:55:52 . 2010-05-26 17:06:41 34304 ----a-w- C:\Windows\system32\atmlib.dll 2010-06-09 14:55:52 . 2010-05-26 14:47:41 289792 ----a-w- C:\Windows\system32\atmfd.dll 2010-06-09 14:55:50 . 2010-05-01 14:13:48 2037248 ----a-w- C:\Windows\system32\win32k.sys 2010-06-09 14:55:48 . 2010-04-05 17:01:01 67072 ----a-w- C:\Windows\system32\asycfilt.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 976832 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeARM.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 70584 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeExtractFiles.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\ReaderUpdater.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AcrobatUpdater.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-30 17:34:59 . 2009-03-07 18:03:21 -------- d-----w- C:\Users\Debora\AppData\Roaming\Skype 2010-06-30 13:41:53 . 2009-03-02 10:00:35 12 ----a-w- C:\Windows\bthservsdp.dat 2010-06-30 13:19:02 . 2009-03-05 22:28:24 91480 ----a-w- C:\Users\Debora\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-29 23:34:19 . 2009-04-18 17:20:46 91480 ----a-w- C:\Users\Israel\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-23 13:58:27 . 2009-07-31 19:43:54 -------- d-----w- C:\ProgramData\GbPlugin 2010-06-19 18:27:12 . 2008-01-21 05:26:24 634222 ----a-w- C:\Windows\system32\prfh0416.dat 2010-06-19 18:27:12 . 2008-01-21 05:26:24 121888 ----a-w- C:\Windows\system32\prfc0416.dat 2010-06-17 21:56:22 . 2009-09-23 17:33:40 -------- d-----w- C:\Users\Debora\AppData\Roaming\uTorrent 2010-06-15 11:49:18 . 2009-11-07 14:20:47 -------- d-----w- C:\Program Files\McAfee 2010-06-09 21:37:42 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail 2010-06-09 15:04:11 . 2009-03-02 13:27:48 -------- d-----w- C:\ProgramData\Microsoft Help 2010-06-05 13:48:43 . 2009-04-28 21:21:38 -------- d-----w- C:\Program Files\Microsoft Silverlight 2010-06-02 11:21:29 . 2009-07-31 19:43:54 -------- d-----w- C:\Program Files\GbPlugin 2010-05-26 13:48:08 . 2009-07-31 19:44:38 45472 ----a-w- C:\Windows\system32\drivers\gbpkm.sys 2010-05-26 10:48:08 . 2009-03-02 13:49:47 -------- d-----w- C:\Program Files\Microsoft 2010-05-21 17:14:28 . 2009-10-05 11:25:16 221568 ------w- C:\Windows\system32\MpSigStub.exe 2010-05-14 22:59:56 . 2009-08-26 13:49:05 -------- d-----w- C:\Program Files\Google 2010-05-11 17:59:32 . 2009-03-02 13:13:26 -------- d-----w- C:\Program Files\Java 2010-05-07 15:55:52 . 2010-05-07 15:55:52 255472 ----a-w- C:\Users\Israel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll 2010-05-05 11:23:03 . 2009-09-23 17:34:45 -------- d-----w- C:\Program Files\uTorrent 2010-05-04 05:59:21 . 2010-06-09 14:56:36 916480 ----a-w- C:\Windows\system32\wininet.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 71680 ----a-w- C:\Windows\system32\iesetup.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 109056 ----a-w- C:\Windows\system32\iesysprep.dll 2010-05-04 04:31:05 . 2010-06-09 14:56:35 133632 ----a-w- C:\Windows\system32\ieUnatt.exe 2010-05-02 12:32:30 . 2009-03-06 01:21:07 -------- d-----w- C:\ProgramData\Roxio 2010-04-25 16:37:21 . 2010-04-25 16:37:17 14926688 ----a-w- C:\Users\Debora\IE8-WindowsVista-x86-PTB.exe 2010-04-23 14:13:55 . 2010-05-26 10:47:08 2048 ----a-w- C:\Windows\system32\tzres.dll 2010-04-16 16:43:26 . 2010-06-23 14:07:14 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43:21 . 2010-06-23 14:07:14 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43:19 . 2010-06-23 14:07:14 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll 2010-04-16 16:43:17 . 2010-06-23 14:07:14 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll 2010-04-12 20:29:19 . 2010-05-11 17:59:41 411368 ----a-w- C:\Windows\system32\deployJava1.dll 2009-03-02 13:18:26 . 2009-03-02 13:18:26 75 --sh--r- C:\Windows\CT4CET.bin 2009-03-02 17:31:36 . 2009-03-02 17:26:50 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 09:25:26 167936] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 05:51:42 36864] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 07:58:24 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 07:58:10 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 07:58:14 133656] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 19:43:34 118784] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 16:00:00 174872] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 13:58:06 184320] "dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 16:58:02 206064] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 11:07:24 405504] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 08:54:44 1218008] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040] "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 17:45:52 74672] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768] "SynNglp"="C:\Windows\system32\SynNglp.exe" [2010-06-29 17:02:27 404992] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2009-3-2 50688] QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn] 2009-10-22 17:01:04 310824 ------w- C:\PROGRA~1\GbPlugin\gbiehAbn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2010-05-26 13:47:02 335136 ----a-w- C:\Program Files\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-03-02 13:36:09 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Debora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk] backup=C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6] 2009-01-08 10:36:42 2521464 ----a-w- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):4c,9e,85,c7,50,fa,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-805792439-2956983707-2821351012-1000] "EnableNotificationsRef"=dword:00000001 R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\SupportAppXL\cdrom_mon.exe [2007-10-17 09:20:14 81920] R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:02 133104] R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys [x] R3 ONDAusbnmea;ONDA NMEA Port;C:\Windows\system32\DRIVERS\ONDAusbnmea.sys [x] R3 ONDAusbser6k;ONDA Diagnostic Port;C:\Windows\system32\DRIVERS\ONDAusbser6k.sys [x] S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys [2010-05-26 13:48:08 45472] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 11:07:16 73728] S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-05-26 13:46:42 55072] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 07:58:44 111616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Conteúdo da pasta 'Tarefas Agendadas' 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001Core.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001UA.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2009-11-09 C:\Windows\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-03-01 C:\Windows\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-06-30 C:\Windows\Tasks\User_Feed_Synchronization-{5E0F2936-DC89-4A6D-9F6C-EEC048FC9B36}.job - C:\Windows\system32\msfeedssync.exe [2010-06-09 14:56:35 . 2010-05-04 04:30:19] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.uol.com.br/ IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bancodobrasil.com.br\www2 Trusted Zone: bb.com.br\www Trusted Zone: santandernet.com.br\www . . ------- Associação de arquivos/ficheiros ------- . .scr=AutoCADScriptFile . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-MsgrUpd - C:\Windows\system32\MsgrUpd.exe MSConfigStartUp-hpqSRMon - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-30 14:34:45 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Tempo para conclusão: 2010-06-30 14:37:31 ComboFix-quarantined-files.txt 2010-06-30 17:37:28 Pré-execução: 161.572.589.568 bytes disponíveis Pós execução: 161.685.655.552 bytes disponíveis - - End Of File - - AAAF534807B0CB0367429109FA2A8FFF Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 *Abra o bloco de notas e cole nele todo o conteúdo do código abaixo: File::C:\Windows\system32\SynNglp.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynNglp"=- *Salve o arquivo no desktop como CFScript.txt *Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2. *Cole o relatório criado em C:\combofix.txt Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 *Abra o bloco de notas e cole nele todo o conteúdo do código abaixo: File::C:\Windows\system32\SynNglp.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynNglp"=- *Salve o arquivo no desktop como CFScript.txt *Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2. *Cole o relatório criado em C:\combofix.txt _____________________________________________________________________________________________________________________________________ segue o relatório: ComboFix 10-06-29.04 - Debora 30/06/2010 15:46:37.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3573.2349 [GMT -3:00] Executando de: C:\Users\Debora\Desktop\ComboFix.exe Comandos utilizados :: C:\Users\Debora\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "C:\Windows\system32\SynNglp.exe" . ADS - drivers: deleted 304 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\SynNglp.exe . ---- Execuções precedente ------- . C:\Users\Debora\avira_antivir_personal_en.exe C:\Users\Debora\GoogleEarthSetup.exe C:\Windows\system32\oledb32.dll C:\Windows\xpsp1hfm.log . (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))) . 2010-06-30 18:53:42 . 2010-06-30 18:53:42 -------- d-----w- C:\Users\Israel\AppData\Local\temp 2010-06-30 18:53:42 . 2010-06-30 18:53:42 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-06-30 13:54:49 . 2010-06-30 13:57:11 -------- d-----w- C:\HijackThis 2010-06-30 13:47:00 . 2009-03-02 13:41:12 69120 ----a-w- C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE 2010-06-23 14:07:56 . 2009-11-08 13:55:32 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 49472 ----a-w- C:\Windows\system32\netfxperf.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 297808 ----a-w- C:\Windows\system32\mscoree.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 295264 ----a-w- C:\Windows\system32\PresentationHost.exe 2010-06-23 14:07:56 . 2009-11-08 13:55:32 1130824 ----a-w- C:\Windows\system32\dfshim.dll 2010-06-23 14:07:14 . 2010-04-16 16:43:35 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll 2010-06-23 14:07:14 . 2010-04-16 14:39:07 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-06-09 14:55:52 . 2010-05-26 17:06:41 34304 ----a-w- C:\Windows\system32\atmlib.dll 2010-06-09 14:55:52 . 2010-05-26 14:47:41 289792 ----a-w- C:\Windows\system32\atmfd.dll 2010-06-09 14:55:50 . 2010-05-01 14:13:48 2037248 ----a-w- C:\Windows\system32\win32k.sys 2010-06-09 14:55:48 . 2010-04-05 17:01:01 67072 ----a-w- C:\Windows\system32\asycfilt.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 976832 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeARM.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 70584 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeExtractFiles.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\ReaderUpdater.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AcrobatUpdater.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-30 18:25:45 . 2009-03-07 18:03:21 -------- d-----w- C:\Users\Debora\AppData\Roaming\Skype 2010-06-30 13:41:53 . 2009-03-02 10:00:35 12 ----a-w- C:\Windows\bthservsdp.dat 2010-06-30 13:19:02 . 2009-03-05 22:28:24 91480 ----a-w- C:\Users\Debora\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-29 23:34:19 . 2009-04-18 17:20:46 91480 ----a-w- C:\Users\Israel\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-23 13:58:27 . 2009-07-31 19:43:54 -------- d-----w- C:\ProgramData\GbPlugin 2010-06-19 18:27:12 . 2008-01-21 05:26:24 634222 ----a-w- C:\Windows\system32\prfh0416.dat 2010-06-19 18:27:12 . 2008-01-21 05:26:24 121888 ----a-w- C:\Windows\system32\prfc0416.dat 2010-06-17 21:56:22 . 2009-09-23 17:33:40 -------- d-----w- C:\Users\Debora\AppData\Roaming\uTorrent 2010-06-15 11:49:18 . 2009-11-07 14:20:47 -------- d-----w- C:\Program Files\McAfee 2010-06-09 21:37:42 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail 2010-06-09 15:04:11 . 2009-03-02 13:27:48 -------- d-----w- C:\ProgramData\Microsoft Help 2010-06-05 13:48:43 . 2009-04-28 21:21:38 -------- d-----w- C:\Program Files\Microsoft Silverlight 2010-06-02 11:21:29 . 2009-07-31 19:43:54 -------- d-----w- C:\Program Files\GbPlugin 2010-05-26 13:48:08 . 2009-07-31 19:44:38 45472 ----a-w- C:\Windows\system32\drivers\gbpkm.sys 2010-05-26 10:48:08 . 2009-03-02 13:49:47 -------- d-----w- C:\Program Files\Microsoft 2010-05-21 17:14:28 . 2009-10-05 11:25:16 221568 ------w- C:\Windows\system32\MpSigStub.exe 2010-05-14 22:59:56 . 2009-08-26 13:49:05 -------- d-----w- C:\Program Files\Google 2010-05-11 17:59:32 . 2009-03-02 13:13:26 -------- d-----w- C:\Program Files\Java 2010-05-07 15:55:52 . 2010-05-07 15:55:52 255472 ----a-w- C:\Users\Israel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll 2010-05-05 11:23:03 . 2009-09-23 17:34:45 -------- d-----w- C:\Program Files\uTorrent 2010-05-04 05:59:21 . 2010-06-09 14:56:36 916480 ----a-w- C:\Windows\system32\wininet.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 71680 ----a-w- C:\Windows\system32\iesetup.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 109056 ----a-w- C:\Windows\system32\iesysprep.dll 2010-05-04 04:31:05 . 2010-06-09 14:56:35 133632 ----a-w- C:\Windows\system32\ieUnatt.exe 2010-05-02 12:32:30 . 2009-03-06 01:21:07 -------- d-----w- C:\ProgramData\Roxio 2010-04-25 16:37:21 . 2010-04-25 16:37:17 14926688 ----a-w- C:\Users\Debora\IE8-WindowsVista-x86-PTB.exe 2010-04-23 14:13:55 . 2010-05-26 10:47:08 2048 ----a-w- C:\Windows\system32\tzres.dll 2010-04-16 16:43:26 . 2010-06-23 14:07:14 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43:21 . 2010-06-23 14:07:14 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43:19 . 2010-06-23 14:07:14 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll 2010-04-16 16:43:17 . 2010-06-23 14:07:14 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll 2010-04-12 20:29:19 . 2010-05-11 17:59:41 411368 ----a-w- C:\Windows\system32\deployJava1.dll 2009-03-02 13:18:26 . 2009-03-02 13:18:26 75 --sh--r- C:\Windows\CT4CET.bin 2009-03-02 17:31:36 . 2009-03-02 17:26:50 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2010-06-30_17.34.47 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:05:11 . 2010-06-30 18:33:47 95474 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2006-11-02 13:05:11 . 2010-06-30 13:45:13 95474 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-05 22:29:01 . 2010-06-30 18:33:48 15490 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-805792439-2956983707-2821351012-1000_UserData.bin + 2008-04-15 01:59:20 . 2010-06-30 18:33:01 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-15 01:59:20 . 2010-06-30 13:44:29 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-15 01:59:20 . 2010-06-30 18:33:01 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-15 01:59:20 . 2010-06-30 13:44:29 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-15 01:59:21 . 2010-06-30 18:33:01 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-15 01:59:21 . 2010-06-30 13:44:29 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-06-30 13:43:03 . 2010-06-30 13:43:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-06-30 13:43:03 . 2010-06-30 18:31:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-06-30 13:43:03 . 2010-06-30 18:31:39 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-06-30 13:43:03 . 2010-06-30 13:43:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-03-19 01:21:03 . 2010-06-30 17:44:08 291190 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920] "MsgrUpd"="C:\Windows\system32\MsgrUpd.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 09:25:26 167936] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 05:51:42 36864] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 07:58:24 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 07:58:10 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 07:58:14 133656] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 19:43:34 118784] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 16:00:00 174872] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 13:58:06 184320] "dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 16:58:02 206064] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 11:07:24 405504] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 08:54:44 1218008] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040] "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 17:45:52 74672] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2009-3-2 50688] QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn] 2009-10-22 17:01:04 310824 ------w- C:\PROGRA~1\GbPlugin\gbiehAbn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2010-05-26 13:47:02 335136 ----a-w- C:\Program Files\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-03-02 13:36:09 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Debora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk] backup=C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6] 2009-01-08 10:36:42 2521464 ----a-w- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):4c,9e,85,c7,50,fa,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-805792439-2956983707-2821351012-1000] "EnableNotificationsRef"=dword:00000001 R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\SupportAppXL\cdrom_mon.exe [2007-10-17 09:20:14 81920] R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:02 133104] R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys [x] R3 ONDAusbnmea;ONDA NMEA Port;C:\Windows\system32\DRIVERS\ONDAusbnmea.sys [x] R3 ONDAusbser6k;ONDA Diagnostic Port;C:\Windows\system32\DRIVERS\ONDAusbser6k.sys [x] S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys [2010-05-26 13:48:08 45472] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 11:07:16 73728] S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-05-26 13:46:42 55072] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 07:58:44 111616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Conteúdo da pasta 'Tarefas Agendadas' 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001Core.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001UA.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2009-11-09 C:\Windows\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-03-01 C:\Windows\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-06-30 C:\Windows\Tasks\User_Feed_Synchronization-{5E0F2936-DC89-4A6D-9F6C-EEC048FC9B36}.job - C:\Windows\system32\msfeedssync.exe [2010-06-09 14:56:35 . 2010-05-04 04:30:19] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.uol.com.br/ IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bancodobrasil.com.br\www2 Trusted Zone: bb.com.br\www Trusted Zone: santandernet.com.br\www . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-30 15:53:55 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Tempo para conclusão: 2010-06-30 15:58:17 ComboFix-quarantined-files.txt 2010-06-30 18:58:10 Pré-execução: 161.418.686.464 bytes disponíveis Pós execução: 161.378.009.088 bytes disponíveis - - End Of File - - B8A3C6A8D8EE25210828BA7610A8072C Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 *Abra o bloco de notas e cole nele todo o conteúdo do código abaixo: File::C:\Windows\system32\MsgrUpd.exe Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsgrUpd"=- *Salve o arquivo no desktop como CFScript.txt *Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2. *Cole o relatório criado em C:\combofix.txt Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 segue relatório: ComboFix 10-06-29.04 - Debora 30/06/2010 16:32:43.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3573.2329 [GMT -3:00] Executando de: C:\Users\Debora\Desktop\ComboFix.exe Comandos utilizados :: C:\Users\Debora\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "C:\Windows\system32\MsgrUpd.exe" . ADS - drivers: deleted 304 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Execuções precedente ------- . C:\Windows\system32\SynNglp.exe . (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))) . 2010-06-30 19:40:30 . 2010-06-30 19:40:30 -------- d-----w- C:\Users\Israel\AppData\Local\temp 2010-06-30 19:40:30 . 2010-06-30 19:40:30 -------- d-----w- C:\Users\Default\AppData\Local\temp 2010-06-30 13:54:49 . 2010-06-30 13:57:11 -------- d-----w- C:\HijackThis 2010-06-30 13:47:00 . 2009-03-02 13:41:12 69120 ----a-w- C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE 2010-06-23 14:07:56 . 2009-11-08 13:55:32 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 49472 ----a-w- C:\Windows\system32\netfxperf.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 297808 ----a-w- C:\Windows\system32\mscoree.dll 2010-06-23 14:07:56 . 2009-11-08 13:55:32 295264 ----a-w- C:\Windows\system32\PresentationHost.exe 2010-06-23 14:07:56 . 2009-11-08 13:55:32 1130824 ----a-w- C:\Windows\system32\dfshim.dll 2010-06-23 14:07:14 . 2010-04-16 16:43:35 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll 2010-06-23 14:07:14 . 2010-04-16 14:39:07 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-06-09 14:55:52 . 2010-05-26 17:06:41 34304 ----a-w- C:\Windows\system32\atmlib.dll 2010-06-09 14:55:52 . 2010-05-26 14:47:41 289792 ----a-w- C:\Windows\system32\atmfd.dll 2010-06-09 14:55:50 . 2010-05-01 14:13:48 2037248 ----a-w- C:\Windows\system32\win32k.sys 2010-06-09 14:55:48 . 2010-04-05 17:01:01 67072 ----a-w- C:\Windows\system32\asycfilt.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 976832 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeARM.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 70584 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AdobeExtractFiles.dll 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\ReaderUpdater.exe 2010-06-09 08:06:33 . 2010-06-09 08:06:33 331176 ----a-w- C:\ProgramData\Adobe\Reader\9.3\ARM\28684\AcrobatUpdater.exe . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-30 19:29:37 . 2009-03-07 18:03:21 -------- d-----w- C:\Users\Debora\AppData\Roaming\Skype 2010-06-30 13:41:53 . 2009-03-02 10:00:35 12 ----a-w- C:\Windows\bthservsdp.dat 2010-06-30 13:19:02 . 2009-03-05 22:28:24 91480 ----a-w- C:\Users\Debora\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-29 23:34:19 . 2009-04-18 17:20:46 91480 ----a-w- C:\Users\Israel\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-23 13:58:27 . 2009-07-31 19:43:54 -------- d-----w- C:\ProgramData\GbPlugin 2010-06-19 18:27:12 . 2008-01-21 05:26:24 634222 ----a-w- C:\Windows\system32\prfh0416.dat 2010-06-19 18:27:12 . 2008-01-21 05:26:24 121888 ----a-w- C:\Windows\system32\prfc0416.dat 2010-06-17 21:56:22 . 2009-09-23 17:33:40 -------- d-----w- C:\Users\Debora\AppData\Roaming\uTorrent 2010-06-15 11:49:18 . 2009-11-07 14:20:47 -------- d-----w- C:\Program Files\McAfee 2010-06-09 21:37:42 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail 2010-06-09 15:04:11 . 2009-03-02 13:27:48 -------- d-----w- C:\ProgramData\Microsoft Help 2010-06-05 13:48:43 . 2009-04-28 21:21:38 -------- d-----w- C:\Program Files\Microsoft Silverlight 2010-06-02 11:21:29 . 2009-07-31 19:43:54 -------- d-----w- C:\Program Files\GbPlugin 2010-05-26 13:48:08 . 2009-07-31 19:44:38 45472 ----a-w- C:\Windows\system32\drivers\gbpkm.sys 2010-05-26 10:48:08 . 2009-03-02 13:49:47 -------- d-----w- C:\Program Files\Microsoft 2010-05-21 17:14:28 . 2009-10-05 11:25:16 221568 ------w- C:\Windows\system32\MpSigStub.exe 2010-05-14 22:59:56 . 2009-08-26 13:49:05 -------- d-----w- C:\Program Files\Google 2010-05-11 17:59:32 . 2009-03-02 13:13:26 -------- d-----w- C:\Program Files\Java 2010-05-07 15:55:52 . 2010-05-07 15:55:52 255472 ----a-w- C:\Users\Israel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll 2010-05-05 11:23:03 . 2009-09-23 17:34:45 -------- d-----w- C:\Program Files\uTorrent 2010-05-04 05:59:21 . 2010-06-09 14:56:36 916480 ----a-w- C:\Windows\system32\wininet.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 71680 ----a-w- C:\Windows\system32\iesetup.dll 2010-05-04 05:55:42 . 2010-06-09 14:56:35 109056 ----a-w- C:\Windows\system32\iesysprep.dll 2010-05-04 04:31:05 . 2010-06-09 14:56:35 133632 ----a-w- C:\Windows\system32\ieUnatt.exe 2010-05-02 12:32:30 . 2009-03-06 01:21:07 -------- d-----w- C:\ProgramData\Roxio 2010-04-25 16:37:21 . 2010-04-25 16:37:17 14926688 ----a-w- C:\Users\Debora\IE8-WindowsVista-x86-PTB.exe 2010-04-23 14:13:55 . 2010-05-26 10:47:08 2048 ----a-w- C:\Windows\system32\tzres.dll 2010-04-16 16:43:26 . 2010-06-23 14:07:14 173056 ----a-w- C:\Windows\AppPatch\AcXtrnal.dll 2010-04-16 16:43:21 . 2010-06-23 14:07:14 458752 ----a-w- C:\Windows\AppPatch\AcSpecfc.dll 2010-04-16 16:43:19 . 2010-06-23 14:07:14 542720 ----a-w- C:\Windows\AppPatch\AcLayers.dll 2010-04-16 16:43:17 . 2010-06-23 14:07:14 2159616 ----a-w- C:\Windows\AppPatch\AcGenral.dll 2010-04-12 20:29:19 . 2010-05-11 17:59:41 411368 ----a-w- C:\Windows\system32\deployJava1.dll 2009-03-02 13:18:26 . 2009-03-02 13:18:26 75 --sh--r- C:\Windows\CT4CET.bin 2009-03-02 17:31:36 . 2009-03-02 17:26:50 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2010-06-30_17.34.47 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:05:11 . 2010-06-30 19:04:13 95474 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2006-11-02 13:05:11 . 2010-06-30 13:45:13 95474 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-05 22:29:01 . 2010-06-30 19:04:13 15490 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-805792439-2956983707-2821351012-1000_UserData.bin + 2008-04-15 01:59:20 . 2010-06-30 19:30:29 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-15 01:59:20 . 2010-06-30 13:44:29 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-15 01:59:20 . 2010-06-30 19:30:29 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-15 01:59:20 . 2010-06-30 13:44:29 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-15 01:59:21 . 2010-06-30 19:30:29 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-04-15 01:59:21 . 2010-06-30 13:44:29 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-06-30 13:43:03 . 2010-06-30 19:02:02 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-06-30 13:43:03 . 2010-06-30 13:43:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-06-30 13:43:03 . 2010-06-30 13:43:03 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-06-30 13:43:03 . 2010-06-30 19:02:02 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-03-19 01:21:03 . 2010-06-30 19:00:27 291776 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-05-10 23:51:11 . 2010-06-30 14:56:21 245760 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-05-10 23:51:11 . 2010-06-30 19:04:55 245760 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 09:25:26 167936] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 05:51:42 36864] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 07:58:24 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 07:58:10 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 07:58:14 133656] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 19:43:34 118784] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 16:00:00 174872] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 13:58:06 184320] "dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 16:58:02 206064] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 11:07:24 405504] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 08:54:44 1218008] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040] "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 17:45:52 74672] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 18:17:47 952768] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2009-3-2 50688] QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn] 2009-10-22 17:01:04 310824 ------w- C:\PROGRA~1\GbPlugin\gbiehAbn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2010-05-26 13:47:02 335136 ----a-w- C:\Program Files\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2009-03-02 13:36:09 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Debora^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk] backup=C:\Windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42:51 36272 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6] 2009-01-08 10:36:42 2521464 ----a-w- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [bU] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):4c,9e,85,c7,50,fa,c9,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-805792439-2956983707-2821351012-1000] "EnableNotificationsRef"=dword:00000001 R2 Autorun CDROM Monitor;Autorun CDROM Monitor;C:\Windows\system32\SupportAppXL\cdrom_mon.exe [2007-10-17 09:20:14 81920] R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:02 133104] R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys [x] R3 ONDAusbnmea;ONDA NMEA Port;C:\Windows\system32\DRIVERS\ONDAusbnmea.sys [x] R3 ONDAusbser6k;ONDA Diagnostic Port;C:\Windows\system32\DRIVERS\ONDAusbser6k.sys [x] S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys [2010-05-26 13:48:08 45472] S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 11:07:16 73728] S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-05-26 13:46:42 55072] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 07:58:44 111616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Conteúdo da pasta 'Tarefas Agendadas' 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-26 13:49:09 . 2009-08-26 13:49:02] 2010-06-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001Core.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2010-06-30 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-805792439-2956983707-2821351012-1001UA.job - C:\Users\Israel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-05 18:34:53 . 2009-11-01 12:55:12] 2009-11-09 C:\Windows\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-03-01 C:\Windows\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-11-07 14:20:54 . 2009-09-25 14:22:14] 2010-06-30 C:\Windows\Tasks\User_Feed_Synchronization-{5E0F2936-DC89-4A6D-9F6C-EEC048FC9B36}.job - C:\Windows\system32\msfeedssync.exe [2010-06-09 14:56:35 . 2010-05-04 04:30:19] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.uol.com.br/ IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página para Dispositivo &Bluetooth ... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bancodobrasil.com.br\www2 Trusted Zone: bb.com.br\www Trusted Zone: santandernet.com.br\www . ************************************************************************** Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Tempo para conclusão: 2010-06-30 16:45:06 ComboFix-quarantined-files.txt 2010-06-30 19:45:00 Pré-execução: 161.474.424.832 bytes disponíveis Pós execução: 161.431.846.912 bytes disponíveis - - End Of File - - 35BC3EB16748EED71E07B0CF9D37AFB7 Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Junho 30, 2010 1. *Clique em [iniciar] > [Executar] > digite: Combofix /uninstall *Clique [OK] *Clique em [Executar] *Aguarde até surgir a mensagem: "ComboFix está desinstalado" *Clique [OK] 2. *Baixe o MalwareBytes Anti-malware e salve-o no desktop *Instale o programa *Se alguma atualização existir,o download será automático. Aguarde... *O programa será aberto automaticamente. *Na aba [Verificação], selecione a opção [Verificação completa] *Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\) *Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados] *Clique em [Remover Selecionados] *Um relatório (mbam-log-ano-mês-data.txt) será apresentado. *Cole-o na sua próxima resposta Após colar o log do Malwarebytes... 3. *Clique em [iniciar] > [Executar] > digite: msconfig *Clique OK *Clique na aba "BOOT.INI" *Selecione a linha C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons *Clique em [Verificar caminhos de inicialização] *Clique em [sIM] > [OK] *Reinicie o PC *Ao iniciar o Windows, o utilitário de configuração informará que foi alterado. *Clique em "Não mostrar esta mensagem ou iniciar o utilitário de configuração do sistema ao iniciar o Windows" Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 segue o relatório: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versão da Base de Dados: 4262 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18928 30/06/2010 19:28:09 mbam-log-2010-06-30 (19-28-09).txt Tipo de Verificação: Verificação Completa (C:\|D:\|) Objetos escaneados: 274785 Tempo decorrido: 1 hora(s), 19 minuto(s), 32 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 0 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: (Não foram detectados ítens maliciosos) Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Junho 30, 2010 não consegui executar o PASSO 3, pois o Windows é o Vista, a tela de Configuração do Sistema é diferente. Não quis procurar pra não ter perigo de fazer algo errado. No aguardo. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Julho 1, 2010 OK...tudo bem... Sem problemas. O PC está limpo. Um abraço. Compartilhar este post Link para o post Compartilhar em outros sites
dhbo 0 Denunciar post Postado Julho 1, 2010 obrigada pela sua atenção bom trabalho Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Julho 1, 2010 PROBLEMA RESOLVIDO! Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
